单个站点上的多个应用程序 - 会话和表单身份验证范围

发布于 2024-10-20 14:05:06 字数 573 浏览 1 评论 0原文

我们使用 ASP.NET 和 IIS 6.0。我意识到应用程序、网站和虚拟目录的定义在 IIS 6 中定义不明确，并且在 IIS 7 中发生了很大变化。但是，我现在仍坚持使用 IIS 6.0。

我们在 IIS 中定义了一个网站，并在虚拟目录中定义了许多单独的子站点。

该方案如下所示：-

http://site.example.com/site1
http://site.example.com/site2
.. etc ..

site1、site2...是 IIS 6.0 中“默认网站”下的虚拟目录。

我需要在大多数站点中使用 ASP.NET 会话和表单身份验证，并且我根本不希望它们共享身份验证数据或会话信息。

目前这两种机制都依赖于 cookie。然而，默认创建的cookie使用相同的名称，并且在浏览器中具有“/”路径，这意味着站点的cookie会相互冲突。

在不更改每个 cookie 的默认名称的情况下，如何强制子站点之间分离？我需要更改 IIS 6“应用程序”的虚拟目录吗？或者代码中是否有某种方法可以对 cookie 实施更有限的范围？

提前致谢。

原文

We're using ASP.NET and IIS 6.0. I realise that the definitions of applications, websites and virtual directories are ill-defined in IIS 6, and changed a lot in IIS 7. However, I'm stuck with IIS 6.0 for now.

We have a single web site defined in IIS, and a number of separate sub-sites in Virtual Directories.

The scheme looks like this:-

http://site.example.com/site1
http://site.example.com/site2
.. etc ..

site1, site2, ... are virtual directories in IIS 6.0, under the "Default Web Site".

I need to use ASP.NET sessions and forms authentication in most of these sites, and I don't want them to share authentication data or session information at all.

Both the mechanisms currently depend on cookies. However, the cookies created by default use the same name, and have a path of "/" in the browser, meaning the sites' cookies will clash with each other.

Without changing the default name for each cookie, how can I enforce separation between my sub-sites? Do I need to change the virtual directories for IIS 6 "Applications"? Or is there some way in code to enforce a more limited scope for the cookies?

Thanks in advance.

分享到QQ

分享到微博